Monday, April 6, 2015

Suricata IDPS - Application layer anomalies protocol detection

Suricata IDS/IPS/NSM also allows you to do application layer anomaly detection.
I started talking to inliniac about protocol anomaly detection rules one day in the Suricata IRC chat room, which evolved into more of a discussion, resulting in us updating the rule sets with some examples of how to do that.